Now we have the newest version of OpenSSH installed and patched with the improvements from HPN-SSH; however, we still need to make some changes to /etc/ssh/sshd_config to take advantage of them. Near the bottom of your config file you will see a section for HPN-related options; I used the following options from other guides I found:

    # the following are HPN related configuration options
    # tcp receive buffer polling. disable in non autotuning kernels
    TcpRcvBufPoll yes

    # allow the use of the none cipher
    #NoneEnabled no

    # disable hpn performance boosts.
    #HPNDisabled no

    # buffer size for hpn to non-hpn connections
    HPNBufferSize 16384

Another important thing to note is that the new sshd config file will reset some of your options like PermitRootLogin so be sure to check those. On my system the SyslogFacility option was commented out so the ssh related messages were logged to /var/log/messages instead of /var/log/secure; this subsequently broke my fail2ban setup since fail2ban was looking for failed authentications in /var/log/secure. To fix this I had to change the SyslogFacility option to:

During my experiments with building a seedbox, I noticed that CentOS created a separate partition for the /home directory. Since I was building a seedbox at a cloud provider, I wanted the entire disk as a single partition for large torrent downloads.

Below is an example layout on a default install of CentOS 6.5:

    [root@localhost ~]# df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup-lv_root
                           50G  1.2G   46G   3% /
    tmpfs                 935M     0  935M   0% /dev/shm
    /dev/xvda1            485M   55M  405M  12% /boot
    /dev/mapper/VolGroup-lv_home
                           45G  180M   43G   1% /home

The following commands will remove the /home partition and resize the root one:

    umount /home
    lvm lvremove /dev/mapper/VolGroup-lv_home
    lvm lvresize -l +100%FREE /dev/mapper/VolGroup-lv_root
    resize2fs /dev/mapper/VolGroup-lv_root

Running df -h again will show that we have a single partition for /:

    [root@localhost /]# df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup-lv_root
                           95G  1.2G   89G   2% /
    tmpfs                 935M     0  935M   0% /dev/shm
    /dev/xvda1            485M   55M  405M  12% /boot

Now we still need to edit /etc/fstab to prevent CentOS from trying to mount a non-existent partition on startup. Delete the line that corresponds to the old /home partition; in my example it's line 10:

    #
    # /etc/fstab
    # Created by anaconda on Thu Jul 3 11:57:44 2014
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk'

I’ve recently been experimenting with using a seedbox; I built one using CentOS 6.5 and Deluge. The original guide I followed used a repo that only had Deluge 1.3.5 and later through some googling I found a repo for installing 1.3.6.

For a while I always wondered why fail2ban sometimes put in the same rule twice under iptables:

    [root@localhost ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target        prot opt source      destination
    fail2ban-SSH  tcp  --  anywhere    anywhere     tcp dpt:ssh
    fail2ban-SSH  tcp  --  anywhere    anywhere     tcp dpt:ssh
    ACCEPT        all  --  anywhere    anywhere
    ACCEPT        all  --  anywhere    anywhere     state RELATED,ESTABLISHED
    ACCEPT        tcp  --  anywhere    anywhere     state NEW tcp dpt:ssh
    REJECT        all  --  anywhere    anywhere     reject-with icmp-host-prohibited

It turns out that when the fail2ban service starts, it inserts the fail2ban-ssh rule at the top of your iptables rules; so if you saved your iptables rules with the fail2ban-ssh rule already inserted, iptables loads its saved rules (with fail2ban-ssh in them) and then fail2ban adds it again when it starts.

To fix this, I deleted the fail2ban-ssh rules from iptables and saved those rules; now when my server boots iptables loads without the fail2ban-ssh rule and fail2ban adds it when it starts.
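One way to check a ruleset for this before saving it, as an added example that is not from the original post: both functions read iptables-save format on stdin. The sample ruleset is constructed to mirror the listing above, and 192.0.2.10 is a placeholder banned address.

```shell
#!/bin/sh
# Constructed sample in iptables-save format, modelled on the listing above
# (not captured from a real host).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-SSH - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-SSH -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
COMMIT
EOF
}

# Print every jump into a fail2ban chain that appears more than once,
# prefixed with how many times it occurs.
duplicate_f2b_jumps() {
    grep -E -e '-j fail2ban-' | sort | uniq -c | awk '$1 > 1'
}

# Remove everything fail2ban owns (chain declarations, jumps into the
# chains, and the rules inside them) so the remaining ruleset can be
# saved and fail2ban re-creates its own rules when it starts.
strip_f2b() {
    grep -Ev -e '^:fail2ban-' -e '^-A fail2ban-' -e '-j fail2ban-'
}

echo "Duplicated fail2ban jumps:"
sample_rules | duplicate_f2b_jumps
echo "Ruleset without fail2ban entries:"
sample_rules | strip_f2b
```

On a live host the same functions can be fed from `iptables-save` instead of `sample_rules`.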